On Tue, Jul 17, 2012 at 5:38 PM, Pascal Bleser
(don't use MD5, it's insecure and can relatively easily be hacked with collisions, use SHA instead ;))
While this is basically true MD5 is used in OBS all over the place and thus for consistency and code reuse reasons it might still make sense to go with that. It should also be noted that the intent of the MD5 sum in Marcus' proposal is not to add a layer of security for malicious attacks (that you better prevent by verifying RPM signatures and SSL certificates for the connection (when using https)) but to use it as a simple checksum mechanism to detect technical transmission issues. Robert -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org